Adam Fisk wrote:
> but there are many other factors at play, including the resources and expertise an organization is able to devote to the problem. Apple, for example, has an overall great security track record, with most of that code closed source.
Umm.... last time I looked, most of the guts, and the attack surface, of MacOS are NOT closed source, they're derived from BSD unix and the code is mostly open source. The proprietary stuff is a relatively thin layer on top of that.
Having said that, if you want to look at folks with LOTS of money and expertise to apply - and a pretty good track - look at NSA.
Then again, it's pretty hard to tell about the security provided by closed source systems - are they really secure, or is it a matter of security by obscurity (think of those NSA chips that are designed to self-destruct if you try to dissect them), and the various crypto systems that have been compromised because human beings stole crypto boxes from embassies. One of the real problems with closed-source systems is that you create a target of opportunity - compromise the organization behind the technology and you can either identify vulnerabilities, or insert them surreptitiously.
Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
